?
Solved

VPN over Comcast business gateway

Posted on 2015-01-21
4
Medium Priority
?
1,042 Views
Last Modified: 2015-01-28
Had a point to point VPN connecting over Comcast using SMC gateway in all locations. Netgear FVS214 routers at all locations using Netgear IPSec setup. All was working fine and then one day it quits.
Cannot find out why. Nothing we control appears to have changed.
Any ideas on where to check or what alternatives are available.
0
Comment
Question by:lloving
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 40563001
You can check the VPN logs on your routers. This will usually tell you the problem.

If Comcast broke your VPN, it's probably because they have a more expensive "business" plan that they can't wait to sell. Just call them.

HTH,
Dan
0
 

Author Comment

by:lloving
ID: 40566548
Ok, here is the output from the VPN log on the host router (Netgear FVS336Gv2). I would appreciate any help deciphering what this log is trying to tell me. Thanks for any response.

2015 Jan 23 14:56:02 [FVS336GV2] [IKE] Initiating new phase 2 negotiation: 50.78.236.145[500]<=>50.251.114.165[0]_
2015 Jan 23 14:56:02 [FVS336GV2] [IKE] Configuration found for 50.251.114.165._
2015 Jan 23 14:56:02 [FVS336GV2] [IKE] accept a request to establish IKE-SA: 50.251.114.165_
2015 Jan 23 14:55:47 [FVS336GV2] [IKE] an undead schedule has been deleted: 'quick_i1prep'._
2015 Jan 23 14:55:47 [FVS336GV2] [IKE] Phase 2 negotiation failed due to time up. c4d2ff0089c77029:af4c283fb749eb78:c8c7e907_
                - Last output repeated 3 times -
2015 Jan 23 14:55:09 [FVS336GV2] [IKE] Ignore information because the message has no hash payload._
2015 Jan 23 14:54:47 [FVS336GV2] [IKE] Initiating new phase 2 negotiation: 50.78.236.145[500]<=>50.251.114.165[0]_
2015 Jan 23 14:54:47 [FVS336GV2] [IKE] Configuration found for 50.251.114.165._
2015 Jan 23 14:54:47 [FVS336GV2] [IKE] accept a request to establish IKE-SA: 50.251.114.165_
0
 
LVL 35

Accepted Solution

by:
Dan Craciun earned 2000 total points
ID: 40566802
>>Phase 2 negotiation failed due to time up.
In my experience, this is a problem caused by a firewall or by NAT.
Check if your Comcast router in the central location is in bridge mode.
0
 

Author Comment

by:lloving
ID: 40575986
Comcast is the culprit. They appear bump the gateway in and out of "bridge" mode. Problem mysteriously solves its self when I complain to Comcast support.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes you have to pull out old tricks to get a new firewall to work… While we were installing a new Sonicwall at a customers site we found that sites they were able to visit before were not working.  It seemed random and we could not understa…
Why do some people recommend buying business VoIP from an ISP? What are the benefits to my company? What are the costs?
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question